CMGT 400 All Assignments (New Syllabus)

For more classes visit www.snaptutorial.com

CMGT 400 Assignment Week 1 Threats, Attacks, and Vulnerability Assessment
CMGT 400 Assignment Week 2 Financial Service Security Engagement
CMGT 400 Assignment Week 2 Penetration Testing Plan
CMGT 400 Assignment Week 3 Security Standards, Policies, and Procedures Manual
CMGT 400 Assignment Week 4 Disaster Recovery and Business Continuity Plan
CMGT 400 Assignment Week 4 Security Risk Mitigation Plan
CMGT 400 Assignment Week 5 Secure Staging Environment Design and Coding Technique Standards Technical Guide

*******************************************

CMGT 400 Assignment Week 1 Threats, Attacks, and Vulnerability Assessment

Throughout this course you will study the different roles that contribute to an organization's information security and assurance.

Part A: Select an organization you wish to explore and use throughout the course. As you make your selection, keep in mind that you will explore the following roles in the organization: Cyber Security Threat Analyst,
Penetration Tester, Cyber Security Engineer, Risk Management Analyst, and Software Engineer. You need sufficient knowledge of the organization you select to complete these security assignments.

Part B: A Cyber Security Threat Analyst conducts analysis, digital forensics, and targeting to identify, monitor, assess, and counter cyber-attack threats against information systems, critical infrastructure, and cyber-related interests.

Take on the role of a Cyber Security Threat Analyst for the organization you select. Use the Threats, Attacks, and Vulnerability Assessment Template to create a 3- to 4-page Assessment Document.

Research and include the following:

Tangible assets: Include an assessment scope. The scope must include virtualization, cloud, database, network, mobile, and information system.
Asset descriptions: Include a system model, a diagram and descriptions of each asset included in the assessment scope, and existing countermeasures already in place. (Microsoft® Visio® or Lucidchart®)
Threat agents and possible attacks
Exploitable vulnerabilities
Threat history
Evaluation of threats or impact of threats on the business
A prioritized list of identified risks
Countermeasures to reduce threat

Submit the assignment.

*******************************************

CMGT 400 Assignment Week 2 Financial Service Security Engagement

Your Learning Team is a cybersecurity engineering team for a financial services company that sells investments to, and manages investment portfolios for, high net-worth individuals.

Your organization just completed the migration of the account managers to a cloud-based, customer relationship management (CRM) software application. Your organization has integrated the cloud-based CRM with on-site investing and account management systems to improve the sales of investment products to customers and potential customers and for managing customer accounts and investment portfolios. Account managers are excited to use the new system, especially since it supports mobile device access.

Management hopes the new cloud-based CRM, integrated with the on-site software applications that manage customer accounts and investment portfolios, will help the organization to generate more leads, increase sales, improve customer service, reduce the cost of sales for the organization, and increase revenue.

The Chief Information Security Officer (CISO) of your organization is concerned about the security of this new system and its integration to existing systems and has requested that your team complete the following 6- to 8-page security analysis:

Create a plan that addresses the secure use of mobile devices by internal employees and external employees as they use mobile devices to access these applications.
Recommend physical security and environmental controls to protect the data center which runs the on-site applications.
Propose audit assessment and processes that will be used to ensure that the cloud-based CRM software provider uses appropriate physical security and environmental controls to protect their data centers which run your cloud-based CRM software.
Develop identity and access management policies for both the on-site systems and the cloud-based CRM.
Recommend cryptography and public key infrastructure (PKI) uses which could be used to increase security for these systems.

Submit the assignment.

*******************************************

CMGT 400 Assignment Week 2 Penetration Testing Plan

A Penetration Tester evaluates the security of an information infrastructure by intentionally, and safely, exploiting vulnerabilities.

Take on the role of Penetration Tester for the organization you chose in Assignment Week 1. Use the Penetration Testing Plan Template to create a 3- to 4-page Penetration Testing Plan for the organization you chose.

Research and include the following:

Pentest Pre-Planning
  Engagement timeline: Tasks and who performs them
  Team location: Where will the penetration team execute their tests?
  Organization locations tested: multiple locations, countries (Export restrictions and government restrictions)
  Which pentest technologies will be used? Consider the following as you research options:
    Scanning Tools: Nmap, Nikto
    Credential Testing Tools: Hashcat, Medusa, John the Ripper, Cain and Abel
    OSINT Tools: Whois, TheHarvester
    Wireless Tools: Aircrack-ng, Kismet
    Networking Tools: Wireshark, Hping
  What client personnel are aware of the testing?
  What resources are provided to the pentest team?
  Test Boundaries:
    What is tested?
    Social engineering test boundaries? What is acceptable?
    What are the boundaries of physical security tests?
    What are the restrictions on invasive pentest attacks?
    What types of corporate policy affect your test?
  Gain appropriate authorization (including third-party authorization)
Pentest Execution Planning: Given the scope and constraints you developed in your Pentest Pre-Plan, plan the following pentest execution activities:
  Reconnaissance
  Scanning
  Gaining Access
  Maintaining Access
  Covering Tracks
Pentest Analysis and Report Planning:
  Analyze pentest results
  Report pentest results

Submit the assignment.

*******************************************

CMGT 400 Assignment Week 3 Security Standards, Policies, and Procedures Manual

Cyber Security Engineers are responsible for safeguarding computer networks and systems in an organization in order to protect the sensitive data they store.

Take on the role of Cyber Security Engineer for the organization you chose in Assignment Week 1. Develop a 5- to 6-page manual using the Security Standards, Policies, and Procedures Template with recommendations to management of security standards, policies, and procedures which should be implemented in your chosen organization.

Research and include the following:

Explain the importance to your organization of implementing security policies, plans, and procedures. Discuss how security policies, plans, and procedures will improve the overall security of the organization.
Recommend appropriate policies and procedures for:
  Data privacy
  Data isolation
  NDA
  IP Protection
  Passwords
  Acceptable use of organizational assets and data
  Employee policies (separation of duties/training)
  Risk response
    Avoidance
    Transference
    Mitigation
    Acceptance
  Compliance examples that might affect your organization or others [Regulatory, Advisory, Informative]
    HIPAA
    FERPA
    ISO
    NIST
    SEC
    Sarbanes/Oxley
  Incident response
    Preparation
    Identification
    Containment
    Eradication
    Recovery
    Lessons learned
  Auditing
  Environmental/Physical
  Administrative
  Configuration

Submit the assignment.

*******************************************

CMGT 400 Assignment Week 4 Disaster Recovery and Business Continuity Plan

Using the financial services scenario from the Assignment Week 2 Learning Team assignment, "Financial Service Security Engagement," create an 8- to 10-page Disaster Recovery and Business Continuity Plan with the following:

Determine the recovery model for your backup and recovery strategy
Design the backup strategy and include a diagram to document your backup strategy. Include recovery steps in your diagram
Recommend a schedule for backups
Explain how you will test your backup and recovery strategy
Recovery sites
  Hot site
  Warm site
  Cold site
Order of restoration
Backup types
  Differential
  Incremental
  Snapshot
  Full
Geographic considerations
  Off-site backups
  Distance
  Location selection
  Legal implications
  Data sovereignty
Continuity of operation
  Exercises
  After-action reports
  Failover
  Alternate processing sites
  Alternate business practices

Submit the assignment.

*******************************************

CMGT 400 Assignment Week 4 Security Risk Mitigation Plan

A Risk Management Analyst identifies and analyzes potential issues that could negatively impact a business in order to help the business avoid or mitigate those risks.

Take on the role of Risk Management Analyst for the organization you chose in Assignment Week 1. Using the Security Risk Mitigation Plan Template, create a 4- to 5.5-page Security Risk Mitigation Plan for the organization you chose.

Research and include the following:

Security Risk Mitigation Plan:
  Select and document security policies and controls.
  Create password policies.
  Document administrator roles and responsibilities.
  Document user roles and responsibilities.
  Determine authentication strategy.
  Determine intrusion detection and monitoring strategy.
  Determine virus detection strategies and protection.
  Create auditing policies and procedures.
  Develop education plan for employees on security protocols and appropriate use.
  Provide risk response.
    Avoidance
    Transference
    Mitigation
    Acceptance
  Address change management/version control.
  Outline acceptable use of organizational assets and data.
  Present employee policies (separation of duties/training).
  Explain incident response.
    Incident types/category definitions
    Roles and responsibilities
    Reporting requirements/escalation
    Cyber-incident response teams
  Discuss the incident response process.
    Preparation
    Identification
    Containment
    Eradication
    Recovery
    Lessons learned

Submit the assignment.

*******************************************

CMGT 400 Assignment Week 5 Secure Staging Environment Design and Coding Technique Standards Technical Guide

A Software Engineer designs, develops, tests, and evaluates the software and the systems that allow computers to execute their applications.

Take on the role of Software Engineer for the organization you selected in Assignment Week 1. Use the technical guide template to create a 3- to 4-page Secure Staging Environment Design and Coding Technique Standards Technical Guide for the organization you chose.

Research and include the following:

Design a secure staging environment for your organization
  Diagram your staging environment
  Include descriptions for each object in your environment
Create a secure coding technique/quality and testing standard for your organization covering the following secure coding techniques:
  Proper error handling
  Proper input validation
  Normalization
  Stored procedures
  Code signing
  Encryption
  Obfuscation/camouflage
  Code reuse/dead code
  Server-side vs. client-side execution and validation
  Memory management
  Use of third-party libraries and SDKs
  Data exposure
  Code quality and testing
  Automation
  Static code analyzers
  Dynamic analysis (e.g. fuzzing)
  Stress testing
  Sandboxing
  Model verification

Submit the assignment.

*******************************************

CMGT 400 Entire Course

CMGT 400 Week 1 Individual Assignment Risky Situation
CMGT 400 Week 1 Team Assignment Kudler Fine Foods IT Security Report System Review
CMGT 400 Week 1 DQ 1
CMGT 400 Week 1 DQ 2
CMGT 400 Week 2 Individual Assignment Common Information Security Threats
CMGT 400 Week 2 Team Assignment Kudler Fine Foods IT Security Report Top Threats
CMGT 400 Week 2 DQ 1
CMGT 400 Week 2 DQ 2
CMGT 400 Week 3 Individual Assignment Disaster Securing and Protecting Information
CMGT 400 Week 3 Team Assignment Kudler Fine Foods IT Security Report Security Consideration
CMGT 400 Week 3 DQ 1
CMGT 400 Week 3 DQ 2
CMGT 400 Week 4 Individual Assignment The Role of Information Security Policy
CMGT 400 Week 4 Team Assignment Kudler Fine Foods IT Security Report Security Policy & Training
CMGT 400 Week 4 DQ 1
CMGT 400 Week 4 DQ 2
CMGT 400 Week 5 Team Assignment Kudler Fine Foods IT Security Report Paper
CMGT 400 Week 5 Team Assignment Kudler Fine Foods IT Security Report Presentation
CMGT 400 Week 5 DQ 1
CMGT 400 Week 5 DQ 2

*******************************************

CMGT 400 Week 1 DQ 1

What is the mindset required to properly protect information? What role does reasoned paranoia play in the mindset and how can an individual keep the proper balance between protecting information and enabling business?

*******************************************

CMGT 400 Week 1 DQ 2

How can information be an asset in a company? Discuss three different examples of information that should be protected by a company
and not exposed. Include several examples of what management could do to protect each example.

*******************************************

CMGT 400 Week 2 DQ 1

Why do you think one of the methods in the Heimerl (2010) article would be the most effective way for an organization to save money?

*******************************************

CMGT 400 Week 2 DQ 2

Which of the threats from social networking in the Horn (2010) article also apply to other businesses? Which do not? Why do you think so?

*******************************************

CMGT 400 Week 3 DQ 1

What are three of the controls in the Helton (2010) article that would be effective in protecting health care information? For each item, describe the risk in your own terms and suggested solutions to mitigate it. Also, discuss whether this issue would face other types of organizations, or if it is limited to only those in the health care field.

*******************************************

CMGT 400 Week 3 DQ 2

How can a company protect data on corporate laptops according to the Storn (2008) article? Why do more organizations not use this kind of protection? Do you expect this to become a legal requirement in the future? Explain why or why not.

*******************************************

CMGT 400 Week 4 DQ 1

What are the top three areas that an organization should work on to respond to the issues raised in the de Villiers (2010) article? Why are these areas critical to the organization? Is the author’s assessment correct? Explain why or why not. Choose a specific organization to illustrate your argument.

*******************************************

CMGT 400 Week 4 DQ 2

What is the value and effect of a good business impact analysis (BIA)? How can using this help an organization develop an effective information security policy?

*******************************************

CMGT 400 Week 5 DQ 1

What is the role of an internal IT audit group in an organization? Why is having such a group important for an organization and why should it report outside the normal IT reporting channels?

*******************************************

CMGT 400 Week 5 DQ 2

What are at least three questions that you would ask to perform basic threat modeling for a field other than health care? Base your response on the information found in the AHC Media article (2009). Discuss your reasons for picking the questions you use.

*******************************************